package com.lg.template.controller;

import io.swagger.annotations.Api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.Statement;

@Api(tags = "Druid测试")
@RestController
public class DruidStatController {
    @Autowired
    private DataSource dataSource;

    @GetMapping("druidStat")
    public void druidStat() {
        Connection connection = null;
        Statement st = null;
        ResultSet rs = null;
        try {
            connection = dataSource.getConnection();
            st = connection.createStatement();

            System.out.println("==执行：select * from user where id =(select 1 from (select sleep(2))a)==");

            /**
             * 子句为一个常见的注入点，内含禁用函数sleep，被druid视为SQL注入
             */
            try {
                String sql1 = "select * from user where id =(select 1 from (select sleep(2))a);";
                rs = st.executeQuery(sql1);
                while (rs.next()) {
                    String menu_id = rs.getString("id");
                    String menu_name = rs.getString("name");

                    System.out.println("id : " + menu_id + ", name : " + menu_name);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            System.out.println("==================================================");
            /**
             * 一次执行多个语句，被druid视为SQL注入
             */
            System.out.println("==执行：select id ,name  from user;select role_id as id,role_name as name from sys_role==");
            try {
                String sql2 = "select id as id,name as name from user;select id as id,name as name from user;";
                rs = st.executeQuery(sql2);
                while (rs.next()) {
                    String id = rs.getString("id");
                    String name = rs.getString("name");

                    System.out.println("id : " + id + ", name : " + name);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }

            System.out.println("==================================================");
            /**
             * where条件语句中出现注入永真条件，被druid视为SQL注入
             */
            System.out.println("===select user_name,password from sys_user where user_name = 'admin' or 1=1==");
            try {
                String sql3 = "select name as name,pwd from user where  1=1";
                rs = st.executeQuery(sql3);
                while (rs.next()) {
                    String name = rs.getString("name");
                    String password = rs.getString("pwd");

                    System.out.println("name : " + name + ", pwd : " + password);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (rs != null) {
                try {
                    rs.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            if (st != null) {
                try {
                    st.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}